Don't poll for invalid wallet address requests

[mkurapov]

Context

Currently, we have a feature that sends a webhook (wallet_address.not_found) out to the ASE if a wallet address looked up via Open Payments wasn't found (#1419). This allows the integrator to call createWalletAddress "on-the-fly"/on demand. This avoids the ASE having to pre-create all wallet addresses for all of their users when first starting up Rafiki - they can just wait for the wallet address to be requested to do the lookup process on their end and create this wallet address.

The current issue with this is the fact that we may get a bunch of "invalid" wallet address requests: for example, while https://ilp.interledger-test.dev/max would be a valid lookup, we may get something like https://ilp.interledger-test.dev/favicon.ico, which is already invalid -> we shouldn't send out a webhook for this.

This can be potentially solved with allowing a standard regex for wallet address creation (something which the ASE can decide). Then, we can use the same regex to validate whether we actually want to publish the wallet_address.not_found whenever we encounter a wallet address that does not exist in the Rafiki DB.

Todos

• Allow an optional regex to be configured in the backend
• Check the regex during wallet address creation
• Check the regex before sending out a wallet_address.not_found webhook

[pedrosousabarreto]

At PCH we came about this issue because of typical website scans that happen all the time on the internet to open web servers.
Problem is that if we serve the wallet address lookup function at the root of the site, everything that looks like "/something.*" is a potential lookup, which triggers work and possibly an unintended denial of service attack.

A simple solution is to just have a prefix where we mount the lookup function, like: "/lookup/:addressToLookup"